我在使用Kerberos身份验证时遇到一些问题,无法使用JCifs执行文件管理(Kerberos扩展版本1.3.17)
这是我目前的krb5.conf配置:
[libdefaults] default_realm =udp_preference_limit = 1 [realms] = { kdc = :88 admin_server = default_domain = } [domain_realm] . = = [appdefaults] kinit = { renewable = true forwardable = true }
这是代码验证用户,然后尝试在网络中的文件服务器上查找文件:
public static void main (String[] args) throws Exception { Subject subject = new Subject(); System.setProperty("java.security.krb5.conf", "C:/krb5.conf"); System.setProperty("sun.security.krb5.debug", "true"); Mapstate = new HashMap (); state.put("javax.security.auth.login.name", "USERNAME"); state.put("javax.security.auth.login.password", "PASSWORD".toCharArray()); Map options = new HashMap (); options.put("debug", "true"); options.put("useFirstPass", "true"); Krb5LoginModule login = new Krb5LoginModule(); login.initialize(subject, null, state, options); if (login.login()) { login.commit(); } String path = "file://HOST/242269/"; // existing file server folder Kerb5Authenticator kerberosAuthenticator = new Kerb5Authenticator(subject); SmbFile smbFile = new SmbFile(path, kerberosAuthenticator); SmbFile[] files = smbFile.listFiles(); for (SmbFile file : files) { System.out.println(file); } }
现在,当我运行此代码时,它表示可以使用这些凭据对用户进行身份验证(当我更改凭据时,身份验证失败)并为该用户创建一个票证.当我稍后尝试通过CIFS检索文件目录的内容时,它会给我以下错误:
GSSException: No valid credentials provided (Mechanism level: Message stream modified (41)) at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source) at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source) at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source) at jcifs.smb.SpnegoContext.initSecContext(SpnegoContext.java:80) at jcifs.smb.Kerb5Authenticator.setup(Kerb5Authenticator.java:196) at jcifs.smb.Kerb5Authenticator.access$000(Kerb5Authenticator.java:30) at jcifs.smb.Kerb5Authenticator$1.run(Kerb5Authenticator.java:168) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Unknown Source) at jcifs.smb.Kerb5Authenticator.sessionSetup(Kerb5Authenticator.java:166) at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:320) at jcifs.smb.SmbSession.send(SmbSession.java:239) at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176) at jcifs.smb.SmbFile.doConnect(SmbFile.java:925) at jcifs.smb.SmbFile.connect(SmbFile.java:974) at jcifs.smb.SmbFile.connect0(SmbFile.java:890) at jcifs.smb.SmbFile.resolveDfs(SmbFile.java:669) at jcifs.smb.SmbFile.send(SmbFile.java:783) at jcifs.smb.SmbFile.doFindFirstNext(SmbFile.java:2009) at jcifs.smb.SmbFile.doEnum(SmbFile.java:1758) at jcifs.smb.SmbFile.listFiles(SmbFile.java:1735) at jcifs.smb.SmbFile.listFiles(SmbFile.java:1668)
你可以在这里找到完整的错误日志(一些细节被混淆)
有人可以让我朝着正确的方向前进,看看我在这里做错了什么吗?
领域的大写是非常重要的,以避免" Exception: krb_error 41 Message stream modified (41)
".
见 http://sourceforge.net/p/spnego/discussion/1003769/thread/99b3ff67/